Using $_SERVER[PHP_SELF]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
jdhorton77
Forum Commoner
Posts: 56
Joined: Tue Nov 07, 2006 3:29 pm
Location: Charlotte, NC

Using $_SERVER[PHP_SELF]

Post by jdhorton77 »

Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello all:

I'm trying to use $SERVER[PHP_SELF] in my action parameter in my HTML form tag. And it works when I just type it out as an HTML form. But I'm trying to echo the form code in a php function to be called in an if statement in the body area. Here's a snippet of what I have so far...

Code: Select all

function showform()
	{
	echo '
	<form action="<?PHP echo $_SERVER[PHP_SELF]; ?>" method="post">
		Username: <input type="text" name="username" tabindex=1 > 
		Password: <input type="text" name="password" tabindex=2 > 
		
		<input type="hidden" name="submitted" value="submitted" >
		<input type="submit" name="submit" value="Submit" >
	</form>
	';
	}
and here is the if statement...

Code: Select all

<body>
        <?php 
	if (array_key_exists('submitted', $_POST))
	{
		nextform();
	}
	else
	{
		showform();
	}
         ?>
</body>
Now when I access the page in my explorer it shows the form, but when I submit it throws up an ie error page. If anyone can help me out I would so greatly appreciate it. Thanks


Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

set and return a variable in your function then echo out your function result.

also, you'll need to use the concat operator (.) to tie your string together. The way you have it now (with some weird embeded echo) won't work.
brendandonhue
Forum Commoner
Posts: 71
Joined: Mon Sep 25, 2006 3:21 pm

Post by brendandonhue »

Code: Select all

function showform()
        {
        echo '
        <form action="' . $_SERVER['PHP_SELF'] . '" method="post">
                Username: <input type="text" name="username" tabindex=1 >
                Password: <input type="text" name="password" tabindex=2 >
               
                <input type="hidden" name="submitted" value="submitted" >
                <input type="submit" name="submit" value="Submit" >
        </form>
        ';
        }
Last edited by brendandonhue on Tue Nov 07, 2006 4:16 pm, edited 1 time in total.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Or...

Code: Select all

function showform()
{
        ?>
        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                Username: <input type="text" name="username" tabindex=1 >
                Password: <input type="text" name="password" tabindex=2 >
               
                <input type="hidden" name="submitted" value="submitted" >
                <input type="submit" name="submit" value="Submit" >
        </form>
        <?php
}
User avatar
jdhorton77
Forum Commoner
Posts: 56
Joined: Tue Nov 07, 2006 3:29 pm
Location: Charlotte, NC

Post by jdhorton77 »

Thank you guys sooo much. I've been trying to figure that one out for a while now. I was just about to pull out my last bit of hair.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Right now your form is open for XSS attacks... Instead of using $_SERVER['PHP_SELF'] as target for your form you can also use '#' as target, which leads to exactly the same result (post to the same url) with that difference that it's impossible to inject malicious data into your html.

Code: Select all

<form action="#" method="post">
</form>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Also be aware that the button isn't necessarily going to be in the submission data.
Post Reply